Sanitize problem with writing negative numbers into db

2008-10-10 Thread stefanski
Hi folks, I want to clean up user input before saving into the database, but when I Sanitize::clean($this->data) it changes negative integer values like -10 into &#45;10 and I get a database (Postgres) error because - obviously - it's not an integer anymore. I want to avoid manually cleani

Re: sanitize::html - newline problem

2008-10-06 Thread mark_story
On Oct 5, 5:49 am, . <[EMAIL PROTECTED]> wrote: > i am trying to use sanitize::html. my problem is that it even removes new > line characters \n, which i want to keep. how would you handle this in cake? > thanks HTML collapses all whitespace to a single space. Like villas said, ch

Re: sanitize::html - newline problem

2008-10-06 Thread villas
10:49 am, . <[EMAIL PROTECTED]> wrote: > i am trying to use sanitize::html. my problem is that it even removes new > line characters \n, which i want to keep. how would you handle this in cake? > thanks --~--~-~--~~~---~--~~ You received this mes

sanitize::html - newline problem

2008-10-05 Thread .
i am trying to use sanitize::html. my problem is that it even removes new line characters \n, which i want to keep. how would you handle this in cake? thanks

sanitize put \n on carriage return

2008-06-27 Thread Alessio
I have my comment and I use sanitize to clean all.. But when I show the comment, it appears \n What is it better to do? I want to show comment content without strange chars ;) Thanks

Confusion with Sanitize

2008-05-21 Thread sleepy1038
Hello, I know there are a lot of posts already on this, but I could not find anything that really eliminates my confusion about the Sanitize class. I have a typical content management system application developed in CakePHP 1.1, but never did anything in terms of data sanitation. I have read

Re: Sanitize and validation

2008-04-15 Thread R. Rajesh Jeba Anbiah
On Apr 15, 7:54 pm, Ramiro Araujo <[EMAIL PROTECTED]> wrote: > By nate: "All database inputs are automatically escaped when you > save.". Is this true for the "query" method also? If not, what type of > sanitization should I made if using the query method in some inserts > or updates? Cake w

Re: Sanitize and validation

2008-04-15 Thread Ramiro Araujo
By nate: "All database inputs are automatically escaped when you save.". Is this true for the "query" method also? If not, what type of sanitization should I made if using the query method in some inserts or updates? thanks! On Mar 8, 11:46 am, cronet <[EMAIL PROTECTED]> wrote: > Hi Nate, > > th

Re: Sanitize binary data

2008-03-26 Thread b logica
The Sanitize methods are for operating on text only and won't do your binary data any good at all. Binary data should be safe to insert into your database because it won't be interpreted as instructions (which are text only). I won't discount it completely, as I've seen s

Sanitize binary data

2008-03-26 Thread [EMAIL PROTECTED]
it is not Sanitized. I am using cakePHP and I have used the Sanitize::escape function to sanitize my data but it transforms binary data and it is unreadable when I try to download it again. How can I solve this problem? Thanx in advance

Re: Problem with sanitize::escape

2008-03-24 Thread Neveldo
Hi, ok, thanks for your response. But what is the interest of sanitize::escape in this case? Cordially, Neveldo : http://www.neveldo.fr

Re: Problem with sanitize::escape

2008-03-24 Thread AD7six
On Mar 24, 12:52 pm, Neveldo <[EMAIL PROTECTED]> wrote: > Hi all, > > I've a little problem with the function sanitize::escape. > > I've data from a post form and I want to save it in my database. > > I secure my data like that: > > uses('sanitiz

Problem with sanitize::escape

2008-03-24 Thread Neveldo
Hi all, I've a little problem with the function sanitize::escape. I've data from a post form and I want to save it in my database. I secure my data like that: uses('sanitize'); $cleaner = new Sanitize(); $cleanedData['Post']['body'] = $cleaner-&g

Re: Sanitize and validation

2008-03-08 Thread cronet
te my method and it will work properly... Thank you! Regards, Alexander On 4 Mrz., 00:52, nate <[EMAIL PROTECTED]> wrote: > All database inputs are automatically escaped when you save. What are > you trying to sanitize for exactly? If you continue to have problems, > try usin

Re: Sanitize and validation

2008-03-03 Thread nate
All database inputs are automatically escaped when you save. What are you trying to sanitize for exactly? If you continue to have problems, try using debug() to examine the data before and after sanitizing to see what the differences are. On Mar 3, 6:42 pm, cronet <[EMAIL PROTECTED]>

Re: Sanitize and validation

2008-03-03 Thread cronet
Nobody else having problems with sanitizing data and validate on save? I'm still having this problem. I would like to know how to get my data mysql safe and validating correctly. Anybody has some hints for me? Regards, Alexander

Re: cakephp 1.2 :: Database prefix and tips about sanitize

2008-01-24 Thread José Pablo Orozco Marín
be wrong, but I don't think you have to do anything to use the > database prefix. That's configured in database.php. > > On Jan 19, 1:21 pm, Josoroma <[EMAIL PROTECTED]> wrote: > >> I have an afterSave function inside a model, my two questions are: >>

Re: cakephp 1.2 :: Database prefix and tips about sanitize

2008-01-21 Thread hydra12
e database prefix? > > #2 Do i need to sanitize $data['User']['username'] and $data['User'] > ['id']? > > Thanks in advance. > > function afterSave(){ > > $data = $this->read(); > $this->query('UPDATE `bm_aros` SET `

cakephp 1.2 :: Database prefix and tips about sanitize

2008-01-19 Thread Josoroma
I have an afterSave function inside a model, my two questions are: #1 How do i use the database prefix? #2 Do i need to sanitize $data['User']['username'] and $data['User'] ['id']? Thanks in advance. function afterSave(){ $data = $this->read()

Proper way to sanitize all data?

2008-01-18 Thread R. Rajesh Jeba Anbiah
Could anyone suggest the right approach to sanitize user inputs? Currently having $this->data = Sanitize::clean($this->data) in AppController. Is there any better option? TIA -- Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogsp

htmLawed to sanitize/filter user input

2008-01-13 Thread atoz
CakePHP users/developers might be interested in htmLawed, a 45-kb, single-file, non-OOP, GPLv3-licensed script with low basal memory usage (0.5 MB) to filter illegal/disallowed HTML (tags, attributes, etc.) from user input. It also reduces XSS vulnerabilities, balances tags, etc. Visit http://ww

Edit action - Sanitize ID and Queries inside array(not strings)

2007-12-08 Thread Josoroma
tion that is going to use this unsanitized var, which is the best way to sanitize and formulate the query in the first param of generatetreelis? For example: array($model->escapeField() => $id), ... I'm trying to understand that kind of queries. Thanks in advance.

Re: Sanitize::clean() appears not to do anything....

2007-11-05 Thread DGPhoebus
A correction to my mistype: $cleaner -> clean($this->data,array('connection' => 'default','odd_spaces' => true,'encode' => true,'escape' => true,'backslash' => true));

Sanitize::clean() appears not to do anything....

2007-11-05 Thread DGPhoebus
A while back I asked for some help on the options for the new Sanitize. I got some great help from Joachim stating that these were the options. 'connection' => 'default', 'odd_spaces' => true, 'e

Re: Making comments safe with Sanitize

2007-10-29 Thread Dr. Tarique Sani
If you are really worried about this you may want to take a look at something like HTML Purifier http://htmlpurifier.org/ or KSES http://sourceforge.net/projects/kses/ HTH Tarique On 10/30/07, cakeFreak <[EMAIL PROTECTED]> wrote: > > Cheers guys, > > in the end I stripped the unwanted HTML tags

Re: Making comments safe with Sanitize

2007-10-29 Thread cakeFreak
Cheers guys, in the end I stripped the unwanted HTML tags using strip_tags() PHP native function. -- $commentInputs = $this->data['Comment']; $data['Comment']['body'] = strip_tags($commentInputs['body'], '');

Re: Making comments safe with Sanitize

2007-10-29 Thread dixon_
I am using PHP Markdown as a vendor. Really simple to implement, and works great. Download here: http://michelf.com/projects/php-markdown/ On Oct 27, 8:44 pm, VolCh <[EMAIL PROTECTED]> wrote: > Other way - use some BB codes for formating. > > On Oct 27, 10:07 pm, cakeFreak <[EMAIL PROTECTED]> wr

Re: sanitize bug or ?

2007-10-28 Thread J. Eckert
You should update your cake core. The newest escape function reads: function escape($string, $connection = 'default') { $db =& ConnectionManager::getDataSource($connection); if (is_numeric($string)) { return $string; }

Re: Making comments safe with Sanitize

2007-10-27 Thread VolCh
Remove all HTML tags - good idea for security, but bad for usability. You can remove active tags (script, object, applet, img, etc.) and not remove simple formatting (, etc.), but you must clear some attrs, for example onmouseover or onclick. I think also you don't want to see or in comment

Re: Making comments safe with Sanitize

2007-10-27 Thread cakeFreak
Hey guys, cheers for your suggestions! What about security? Should I strip out all html from comment messages, leave some stuff etc? Dan

Re: Making comments safe with Sanitize

2007-10-27 Thread Charlie van de Kerkhof
Sanitize::escape() in v1.2 http://api.cakephp.org/1.2/class_sanitize.html#7880433bcb1bbf193ddd090db89389ea On Oct 27, 2:25 pm, "Olexandr Melnyk" <[EMAIL PROTECTED]> wrote: > $Sanitize->sql($data) on CakePHP 1.1 > > On 10/27/07, cakeFreak <[EMAIL PROTECTED]> wro

Re: Making comments safe with Sanitize

2007-10-27 Thread Olexandr Melnyk
$Sanitize->sql($data) on CakePHP 1.1 On 10/27/07, cakeFreak <[EMAIL PROTECTED]> wrote: > > > Hey guys, > > just wondering how do you sanitize the input data for the comments of, > say for example, a post before saving them in DB. > > do you use $Sanitize->cle

Making comments safe with Sanitize

2007-10-27 Thread cakeFreak
Hey guys, just wondering how do you sanitize the input data for the comments of, say for example, a post before saving them in DB. do you use $Sanitize->clean($data), $Sanitize->stripAll($data), both of them or samething else? Dan
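An added example for the strip_tags() approach discussed in this thread (not code from the thread or from CakePHP): strip_tags() with an allowed-tag list keeps every attribute on the tags it lets through, so an event handler on an allowed <b> survives. The second function is an illustrative DOM-based allowlist that drops all attributes except an http(s) href on <a>; the sample comment, the tag list and the href rule are constructed for the demo, and a maintained sanitizer such as HTML Purifier is the better choice in production.

```php
<?php
// Added example; not from the thread or the CakePHP code base.

// The thread's approach: keep a few formatting tags, drop the rest.
function stripTagsAllowBasic(string $html): string {
    return strip_tags($html, '<b><i><a>');
}

// Illustrative allowlist sanitizer: walk the parsed DOM, unwrap elements that
// are not allowed, and remove every attribute except a safe href on <a>.
function sanitizeComment(string $html): string {
    $allowedTags = array('b', 'i', 'a', 'p', 'br');
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);               // tolerate sloppy user HTML
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $html . '</body>');
    libxml_clear_errors();
    $body = $doc->getElementsByTagName('body')->item(0);
    cleanNode($body, $allowedTags);
    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);             // text nodes come back escaped
    }
    return $out;
}

function cleanNode(DOMNode $node, array $allowedTags): void {
    $children = array();
    foreach ($node->childNodes as $c) {             // static copy: we mutate the tree
        $children[] = $c;
    }
    foreach ($children as $child) {
        if (!($child instanceof DOMElement)) {
            continue;
        }
        $tag = strtolower($child->tagName);
        if (!in_array($tag, $allowedTags, true)) {
            // Unwrap: keep the text, lose the element (covers <script>, <img>, ...).
            $node->replaceChild($child->ownerDocument->createTextNode($child->textContent), $child);
            continue;
        }
        foreach (iterator_to_array($child->attributes) as $attr) {
            $keep = $tag === 'a'
                && strtolower($attr->name) === 'href'
                && preg_match('#^https?://#i', $attr->value) === 1;
            if (!$keep) {
                $child->removeAttribute($attr->name); // kills onmouseover, style, javascript: hrefs
            }
        }
        cleanNode($child, $allowedTags);
    }
}

// Constructed sample comment exercising both problems.
$comment = '<b onmouseover="alert(1)">hi</b> <a href="javascript:alert(2)">link</a><script>steal()</script>';
printf("strip_tags : %s\n", stripTagsAllowBasic($comment));
printf("allowlist  : %s\n", sanitizeComment($comment));
```

With the sample above, strip_tags() returns the <b> with its onmouseover handler and the <a> with its javascript: href intact (only the <script> tags go, leaving their text). The allowlist version returns plain <b> and <a> elements with the handler and the unsafe href removed.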

Re: sanitize bug or ?

2007-10-26 Thread vg2k
i forgot to say, using cakephp 1.2 alpha

sanitize bug or ?

2007-10-26 Thread vg2k
sanitize.php /** * Makes a string SQL-safe. * * @param string $string String to sanitize * @param string $connection Database connection being used * @return string SQL safe string * @access public * @static */ function escape($string, $connection = 'de

Re: How to use Sanitize correctly?

2007-07-22 Thread Geoff Ford
For general items like title, datetime etc there is no need to manually sanitize as it is all handled internally. Sanitize is only required when you want to really restrict what input the user is entering e.g. on your textile field you probably want to run Sanitize::stripAll() to remove anything

How to use Sanitize correctly?

2007-07-22 Thread citrus
I have a small question with Sanitize library, as I'm not really good at solving security problems that may arise in my application. As I've already know, Sanitize comes with lots of method: paranoid, escape, html, etc. But I wonder when to use which method, and I'm really c

Re: Sanitize & html helper double converting htmlentities

2007-07-12 Thread Lloyd
This seems to be a real problem with me as well. I sanitize my array: $mrClean = new Sanitize(); $mrClean->cleanArray($this->data); It saves the phrase --> i'm here as i'm here into my database which is fine. But then when I use my helper to show a form->input() it re

Re: Sanitize & html helper double converting htmlentities

2007-06-26 Thread Jonathan Langevin
array of $html->input() does > the trick! > > The only problem left is that a "\" will get double-escaped (Sanitize > will escape it, after which the DBO also escapes it. > > On Jun 26, 5:13 pm, "Jonathan Langevin" <[EMAIL PROTECTED]> wrote: > > BTW,

Re: Sanitize & html helper double converting htmlentities

2007-06-26 Thread mac joost
ribute()). What I did find there is the "escape" key! Setting "escape"=>false in the attribute array of $html->input() does the trick! The only problem left is that a "\" will get double-escaped (Sanitize will escape it, after which the DBO also escapes it. On Jun 2

Re: Sanitize & html helper double converting htmlentities

2007-06-26 Thread Jonathan Langevin
e do this later this week. > > > > As for the code, it's quite straight forward: > > I have a classifieds_controller which adds a classified add to the > > database: > > /* part of function save() */ > > if(isset($this->params['data'])) { >

Re: Sanitize & html helper double converting htmlentities

2007-06-26 Thread Jonathan Langevin
to use Cake > 1.2 and will maybe do this later this week. > > As for the code, it's quite straight forward: > I have a classifieds_controller which adds a classified add to the > database: > /* part of function save() */ > if(isset($this->params['data&#

Re: Sanitize & html helper double converting htmlentities

2007-06-26 Thread mac joost
ve() */ if(isset($this->params['data'])) { if($this->Classified->validates($this->params['data'])) { uses('sanitize'); $Sanitize = & new Sanitize(); $Sanitize->cleanArray($this->data['

Re: Sanitize & html helper double converting htmlentities

2007-06-26 Thread Jonathan Langevin
Can you give us snippets of your code, so we can see how you're using sanitize and html helper? Are you using Cake 1.2? BTW, sanitize doesn't use htmlentities, it uses a specific REGEX match, appears it functions similar to htmlentities (just fyi :-) ) On 6/26/07, mac joost <[EM

Sanitize & html helper double converting htmlentities

2007-06-26 Thread mac joost
Hi, When I use Sanitize to clean user-input and then create a form using the html helper, 'special characters' like '&' get double converted: - Sanitize converts '&' into '&amp;', which is then stored in the database. - html helper functions conve
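An added example (not code from this thread or from CakePHP) that reproduces the double encoding described above and contrasts it with encoding once, at output. htmlspecialchars() stands in for both Sanitize::html() and the helper's escaping; the hyphen-to-entity rule mirrors only the behaviour other posts on this list complain about (negative numbers and e-mail addresses breaking) and is not a copy of Cake's substitution table. The sample values are constructed.

```php
<?php
// Added example; not from the thread or the CakePHP code base.

// Input-time encoding: the value is stored already HTML-encoded.
// The '-' rule is illustrative, mirroring the hyphen complaint on this list.
function sanitizeLikeInputTime(string $s): string {
    $s = htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return str_replace('-', '&#45;', $s);
}

// What a form/html helper does to every value it prints.
function helperEscape(string $stored): string {
    return htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
}

// The thread's failure mode: encode on input, then the helper encodes again.
function doubleEncoded(string $input): string {
    return helperEscape(sanitizeLikeInputTime($input));
}

// Encode exactly once, at the output boundary. The raw value is what gets
// stored; SQL escaping is the database layer's job, not the HTML encoder's.
function encodedOnce(string $input): string {
    $stored = $input;
    return helperEscape($stored);
}

// Side effect of input-time encoding on non-HTML consumers: an integer column
// or an e-mail validator never sees the original value again.
function integerSurvives(string $input, callable $pipeline): bool {
    return filter_var($pipeline($input), FILTER_VALIDATE_INT) !== false;
}

$samples = array('Tom & Jerry', '-10', 'my-name@example.org');   // constructed
foreach ($samples as $s) {
    printf("%-22s double: %-36s once: %s\n", $s, doubleEncoded($s), encodedOnce($s));
}
printf("-10 still an int after input-time encoding? %s\n",
    integerSurvives('-10', 'sanitizeLikeInputTime') ? 'yes' : 'no');
printf("-10 still an int when stored raw?           %s\n",
    integerSurvives('-10', function ($v) { return $v; }) ? 'yes' : 'no');
```

For 'Tom & Jerry' the double-encoded path renders '&amp;amp;' (the browser shows a literal '&amp;'), while the encode-once path renders '&amp;' (the browser shows '&'). The '-10' case fails the integer check only on the input-time path, which is the Postgres error reported elsewhere on this list. The thread's workaround of 'escape' => false on the input only holds while every stored value is guaranteed to be pre-encoded; any raw value reaching that input is then printed unescaped.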

Re: sanitize->paranoid needs improvement ???

2007-06-20 Thread AD7six
On Jun 20, 12:59 pm, thejasondean <[EMAIL PROTECTED]> wrote: > i'm trying to use sanitize's method paranoid() > but unfortunately it strips greek characters which are alphanumeric in > my language. > i've tried inserting \p{Greek} in paranoid's regular expression with > no results (i'm getting b

sanitize->paranoid needs improvement ???

2007-06-20 Thread thejasondean
i'm trying to use sanitize's method paranoid() but unfortunately it strips greek characters which are alphanumeric in my language. i've tried inserting \p{Greek} in paranoid's regular expression with no results (i'm getting back a ??? string) I assume the same problem goes for most people that
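An added example (not from the thread or from CakePHP) showing why an ASCII-only allowlist removes Greek text and how a Unicode-aware one behaves. Cake's actual paranoid() pattern is not reproduced; the first function only models the effect described. The /u modifier is what lets PCRE interpret \p{..} classes on code points rather than bytes, which is the likely reason inserting \p{Greek} alone came back as '???'. The sample input is constructed.

```php
<?php
// Added example; not from the thread or the CakePHP code base.

// ASCII-only allowlist, applied byte by byte: every non-ASCII byte is removed,
// so multibyte Greek letters vanish entirely.
function paranoidAscii(string $s, array $allowed = array()): string {
    $extra = preg_quote(implode('', $allowed), '/');
    return preg_replace('/[^a-zA-Z0-9' . $extra . ']/', '', $s);
}

// Unicode-aware allowlist: letters and digits of any script, matched on
// code points thanks to /u. Invalid UTF-8 makes preg_replace() return null,
// so callers should treat null as "reject the input".
function paranoidUnicode(string $s, array $allowed = array()): ?string {
    $extra = preg_quote(implode('', $allowed), '/');
    return preg_replace('/[^\p{L}\p{N}' . $extra . ']/u', '', $s);
}

// Script-restricted variant when only Greek plus ASCII should pass.
function paranoidGreekOnly(string $s): ?string {
    return preg_replace('/[^\p{Greek}a-zA-Z0-9 ]/u', '', $s);
}

$input = "Καλημέρα κόσμε! hello-world 42";   // constructed sample
printf("ascii  : [%s]\n", paranoidAscii($input, array(' ', '-')));
printf("unicode: [%s]\n", paranoidUnicode($input, array(' ', '-')));
printf("greek  : [%s]\n", paranoidGreekOnly($input));
```

The ASCII version keeps only "hello-world 42" (plus the surrounding spaces); the Unicode version keeps the Greek words as well and drops only the '!'.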

Re: findAll and Sanitize

2007-05-22 Thread francky06l
About some function in FindAll, this might be useful http://cakebaker.42dh.com/2007/05/22/how-to-use-sql-functions-in-conditions-part-ii/ On May 21, 6:17 pm, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote: > > How are you escaping it now? > > I am not, cake is doing it automatically. > > I hav

Re: findAll and Sanitize

2007-05-21 Thread [EMAIL PROTECTED]
> How are you escaping it now? I am not, cake is doing it automatically. I have an array of input params that I use to build an array: $temp[] = "FIND_IN_SET('".(int)$v."',Respcount.responsibilities)"; $v is the value that comes from the form. Then I join everything that is in temp with implode

Re: findAll and Sanitize

2007-05-21 Thread John David Anderson (_psychic_)
On May 21, 2007, at 9:34 AM, [EMAIL PROTECTED] wrote: > > I am trying to use the Mysql function FIND_IN_SET (it takes 2 > parameters, a string and a comma separated list) to do a lookup on some > data using findAll and I am running into an issue of a comma being > stripped out I assume by sql esca

findAll and Sanitize

2007-05-21 Thread [EMAIL PROTECTED]
I am trying to use the Mysql function FIND_IN_SET (it takes 2 parameters, a string and a comma separated list) to do a lookup on some data using findAll and I am running into an issue of a comma being stripped out I assume by sql escaping. Is there someway to avoid the escaping?

Re: sanitize is doing weird things to sql

2007-05-03 Thread Greg
Hmm. Good to know. Thanks for the quick response!

Re: sanitize is doing weird things to sql

2007-05-03 Thread gwoo
There is no need to run sanitize on a query like the one you have above. Look in the api at beforeFind() the param is the queryData which is an associative array of conditions, fields, order, etc. If you run Sanitize at all, it should only be on conditions, but even then it's a bit of overkill

sanitize is doing weird things to sql

2007-05-03 Thread Greg
I am using cake version 1.2.0.4986alpha and am getting some bad sql when I use Sanitize::clean. Everything runs fine without it, but when I include it I get this: SELECT `Post`.`COUNT(*) AS count`, `Post`.`id` FROM `posts` AS `Post` LEFT JOIN `posts` AS `ParentPost` ON (`Post`.`parent_id

Re: Model::query() + Sanitize::sql() vs.DboMysql API

2007-03-18 Thread gwoo
You should only run the first when the second will not do what you want. That said probably 90% of whatever you have to do should use the second. Sanitize is not needed as data and fields are escaped properly at the dbo level.

Model::query() + Sanitize::sql() vs.DboMysql API

2007-03-18 Thread Pento
Hello, everybody! So I have what advantages of using of Model::query() + Sanitize::sql() instead of using DboMysql API? When I must use the first and when the second?

Re: Sanitize and hyphens

2007-03-08 Thread bernardo
is function to operate on arrays is very easy. On Mar 7, 8:32 pm, "squidliberty" <[EMAIL PROTECTED]> wrote: > I have several areas of my site where it is necessary to sanitize > large amounts of user form data. cleanArray() makes this process a > breeze - however, I have fou

Re: Sanitize and hyphens

2007-03-07 Thread Dr. Tarique Sani
On 3/8/07, squidliberty <[EMAIL PROTECTED]> wrote: > How should I be handling this? My best solution was to create a > fixSafeChar() function to convert the hyphens back. But this seems > pretty crude. Thats what I have done as well... However, the problem is usually in the URLs and emails - a b

Sanitize and hyphens

2007-03-07 Thread squidliberty
I have several areas of my site where it is necessary to sanitize large amounts of user form data. cleanArray() makes this process a breeze - however, I have found that it replaces hyphens ('-') with the htmlentity equivalent ('&#45;'). This is a big problem for email addresse

Re: Issue with Sanitize::clean()

2007-03-05 Thread Larry E. Masters aka PhpNut
Marcus, 1.2 is still a moving target. You should report issues to the trac site and file a ticket. I do not follow this list often since most of my time is spent working on the code. I just happened to see the problem you had today while scanning my emails. https://trac.cakephp.org -- /** * @a

Re: Issue with Sanitize::clean()

2007-03-05 Thread Marcus
the value() function > (see https://trac.cakephp.org/ticket/2074). > > Unfortunately Sanitize::clean() calls DboMysql::value() for every > value it works on. If the value is a string, DboMysql::value() wraps > it with apostrophes. I think this isn't intended in this case. > > My

Issue with Sanitize::clean()

2007-03-05 Thread Marcus
Hi there, with Revision 4569 of dbo_mysql.php Strings are escaped with a ' at the start and end of the string when calling the value() function (see https://trac.cakephp.org/ticket/2074). Unfortunately Sanitize::clean() calls DboMysql::value() for every value it works on. If the value

Re: using sanitize together with validate for security

2007-02-26 Thread ianh
A fairly substantial set of questions - here is some experience based on 1.1.12: When to sanitize? I always sanitize input before validation for two reasons: 1) Some validation routines (e.g. unique) use the input in the DB; 2) If the input does get changed by the sanitization it may become

using sanitize together with validate for security

2007-02-26 Thread keymaster
I've read the relevant manual chapters and googled this forum. It has helped a bit, but unfortunately, I am still a bit vague on a reasonable way of using sanitize together with validation to properly secure things, Perhaps others are in the same boat, so I thought I would think out loud

Unexpected behavior of Sanitize::escape in 1.2

2007-02-16 Thread Vu Nguyen
Since Sanitize::sql is deprecated in 1.2 and we need to use escape instead, I had to modify many places in my project and ran into this problem: * Sanitize::escape automatically puts the string between 2 single quotes: example: e(pr(Sanitize::escape("this_is_a_safe_string"))); and yo

sanitize paranoid to clean up html

2007-01-05 Thread GuyBowden
Hi, I'd like to use the sanitize->paranoid method to clean up all input from my app forms... I have created a whitelist array containing allow arrays for each of my inputs - if an input has no matching key in my array then it will sanitize with nothing allowed - so keeping things

Re: Re: Need help w/ Sanitize

2006-09-24 Thread Samuel DeVore
seems like this list has developed an echo echo echo echo echo On 9/24/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: Cheers guys, it's working now!

Re: Need help w/ Sanitize

2006-09-24 Thread [EMAIL PROTECTED]
Cheers guys, it's working now!

Re: Need help w/ Sanitize

2006-09-24 Thread Toby (The Balloon Guy) Parent
Oh, yeah, gwoo - too quick to respond. It's the model, stupid! sheesh. thanks for catching that.

Re: Need help w/ Sanitize

2006-09-24 Thread gwoo
function beforeSave() { uses('sanitize'); $Sanitize = & new Sanitize(); $Sanitize->cleanArray($this->data); } }

Re: Need help w/ Sanitize

2006-09-24 Thread Toby (The Balloon Guy) Parent
try this: class User extends AppModel { var $name="User"; var $uses = array('sanitize'); ... } HTH [EMAIL PROTECTED] wrote: > My model looks like this: > > class User extends AppModel > { > var $name

Need help w/ Sanitize

2006-09-24 Thread [EMAIL PROTECTED]
My model looks like this: class User extends AppModel { var $name = 'User'; uses('sanitize'); ... } And I am receiving the following error as a result: parse error, unexpected T_STRING, expecting T_FUNCTION If I comment out the "uses" lin

Re: Sanitize HTML Question

2006-09-06 Thread Chris
then an element with an array passed to it is the same as a helper?

Re: Sanitize HTML Question

2006-09-06 Thread John David Anderson (_psychic_)
On Sep 6, 2006, at 9:09 AM, Chris wrote: > > much harder but still possible I think? Should I just use > > http://cyberai.com/inputfilter/ and create it as a "helper"? Helpers are usually things to help you with presentational stuff in views - you might try making a component (which is some

Re: Sanitize HTML Question

2006-09-06 Thread Chris
much harder but still possible I think? Should I just use http://cyberai.com/inputfilter/ and create it as a "helper"? Sorry if these questions seem obvious but I am just getting my head around the MVC logic, and trying to "put it together" in my head before I start converting my site... Ch

Re: Sanitize HTML Question

2006-09-06 Thread John David Anderson (_psychic_)
just use the PHP function strip_tags(). $cleaned = strip_tags($input, '','','',''); > > and what about XSS? Sanitize will render any tag openings as HTML entities, which makes Javascript injection much harder. -- John

Sanitize HTML Question

2006-09-06 Thread Chris
Hello, Just curious the example in the manual shows: $badString = 'HEY...'; echo $mrClean->html($badString); // output: HEY echo $mrClean->html($badString, true); // output: font size=99 color=#FF HEY fontscript...script is there a

Re: global sanitize : is it a good idea?

2006-08-23 Thread Jon Bennett
> it would be well worth a go. and then possibly attack it from the > other angle. include an attribute (array) within my controller that > could list those actions where it is not cool to do an auto-sanitize. for an idea where to go with that, check out Gwoo's rdAuth, I think y

Re: global sanitize : is it a good idea?

2006-08-23 Thread Mikee Freedom
thanks Jon. i reckon you might be right there. it would be well worth a go. and then possibly attack it from the other angle. include an attribute (array) within my controller that could list those actions where it is not cool to do an auto-sanitize. would be very nice to know that i am secure

Re: global sanitize : is it a good idea?

2006-08-23 Thread Jon Bennett
ldn't be possible /// app_controller.php function beforeFilter () { $this->params = $this->Sanitize->cleanArray ($this->params); } you may run into issues though - just have to play and see :) hth jon -- jon bennett t: +44 (0) 1225 341 039 w: http://www.jben.net/ iChat (A

global sanitize : is it a good idea?

2006-08-23 Thread Mikee Freedom
mp;q=beforesave+sanitize&rnum=1#aac9cb60e3bc4a93 http://www.cakephp.org/pastes/show/eb23edaac3bd13381b467669d2bd291a Basically, I'm thinking about the option of sanitizing any and all input from the user in a method of my app_controller. i'm just trying to think about the positives and negativ

Re: Will Sanitize->cleanArray protect against XSS attacks?

2006-08-01 Thread Eric Farraro
Just to say a bit more, I found this in the article for UTF-8 on Wikipedia: "A badly-written (and not compliant with current versions of the standard) UTF-8 parser could accept a number of different pseudo-UTF-8 representations and convert them to the same Unicode output. This provides a way for

Re: Will Sanitize->cleanArray protect against XSS attacks?

2006-08-01 Thread Eric Farraro
I can't seem to find the specific example I was looking for, but I did find this when looking back in my database for one of the tests I did: ¼script¾alert(¢Another Test¢)¼/script¾ It didn't seem to cause a problem, though I don't know if that's because of some PHP or Apache setting; my fear is

Re: Will Sanitize->cleanArray protect against XSS attacks?

2006-08-01 Thread John David Anderson (_psychic_)
On Aug 1, 2006, at 2:17 PM, Eric Farraro wrote: > > To focus my question a little further, I pointed out that in the > Sanitize->html function, a simple find and replace was done on certain > characters. My (very basic) understanding of XSS attacks is that they > will ofte

Re: Will Sanitize->cleanArray protect against XSS attacks?

2006-08-01 Thread Eric Farraro
Sorry if it sounds like I made that assumption -- I guess my question was a little too broad and the title a bit sensational. To focus my question a little further, I pointed out that in the Sanitize->html function, a simple find and replace was done on certain characters. My (very ba

Re: Will Sanitize->cleanArray protect against XSS attacks?

2006-08-01 Thread Samuel DeVore
I think to make the assumption that because no one either feels confident enough to answer the question of whether or not cleanArray or the CakePHP framework in general protects against XSS attacks, no one understands the vulnerabilities is fairly shallow. I think given the variety and varying

Re: Will Sanitize->cleanArray protect against XSS attacks?

2006-08-01 Thread Eric Farraro
Surely someone must know a bit about XSS vulnerabilities! :)

Will Sanitize->cleanArray protect against XSS attacks?

2006-07-31 Thread Eric Farraro
I've been reading about all types of security vulnerabilities common in online applications, and realized that my application had some rather large XSS holes. I found that using the Sanitize function 'cleanArray' did a nice job in removing all? of the vulnerabilities, but I am cur
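An added example (not code from this thread or from CakePHP) of the bypass this thread circles around: a find-and-replace filter that looks for literal '<' and '>' bytes, followed by a lenient decoder of the kind the quoted Wikipedia passage warns about, which accepts overlong UTF-8 and turns C0 BC back into '<'. The filter, the lenient decoder and the payload are all constructed for the demo; the closing check shows the order a practitioner wants, reject malformed input first and escape for the output context last.

```php
<?php
// Added example; not from the thread or the CakePHP code base.

// A character-replacement filter of the kind discussed (illustrative, not Cake's).
function replaceFilter(string $s): string {
    return str_replace(
        array('&', '<', '>', '"', "'"),
        array('&amp;', '&lt;', '&gt;', '&quot;', '&#39;'),
        $s
    );
}

// Deliberately NON-compliant decoder: accepts 2-byte overlong forms (lead byte
// 0xC0/0xC1) and maps them to the ASCII character they encode. A correct
// decoder rejects these sequences; this one models the "badly-written parser".
function lenientUtf8ToAscii(string $bytes): string {
    $out = '';
    $n = strlen($bytes);
    for ($i = 0; $i < $n; $i++) {
        $b = ord($bytes[$i]);
        if (($b === 0xC0 || $b === 0xC1) && $i + 1 < $n && (ord($bytes[$i + 1]) & 0xC0) === 0x80) {
            $out .= chr((($b & 0x1F) << 6) | (ord($bytes[$i + 1]) & 0x3F));
            $i++;
        } else {
            $out .= $bytes[$i];
        }
    }
    return $out;
}

// Strict check: PCRE's /u modifier fails on overlong and otherwise malformed UTF-8.
function isWellFormedUtf8(string $s): bool {
    return preg_match('//u', $s) === 1;
}

// Hardened order: reject malformed input, then escape for the HTML context.
function acceptInput(string $s): string {
    if (!isWellFormedUtf8($s)) {
        throw new InvalidArgumentException('rejecting malformed UTF-8');
    }
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed payload: '<' and '>' written as the overlong sequences C0 BC / C0 BE.
$payload = "\xC0\xBCscript\xC0\xBEalert(1)\xC0\xBC/script\xC0\xBE";

$filtered = replaceFilter($payload);             // nothing literal to replace
$rendered = lenientUtf8ToAscii($filtered);       // tags reappear downstream
printf("after filter : %s\n", $filtered === $payload ? 'unchanged' : 'changed');
printf("after decode : %s\n", $rendered);
try {
    acceptInput($payload);
} catch (InvalidArgumentException $e) {
    printf("hardened     : %s\n", $e->getMessage());
}
```

The filter leaves the payload untouched and the lenient decoder produces a literal script element from it, while the well-formedness check rejects the same bytes before any encoding happens. Note also that htmlspecialchars() with a UTF-8 charset returns an empty string for malformed input unless ENT_SUBSTITUTE or ENT_IGNORE is passed, so silently empty output is another symptom of this class of input.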

Re: datetime strings and using sanitize->cleanArray()

2006-07-31 Thread Chris Lamb
On Mon, 31 Jul 2006 02:34:29 -0700 "AD7six" <[EMAIL PROTECTED]> wrote: > Why use sanitize at all? Data sent to the DB gets escaped anyway, so > it's not exactly necessary. I thought the intention of the sanitize > class was for example, so you could still escape your cu

Re: datetime strings and using sanitize->cleanArray()

2006-07-31 Thread ianh
I think I tried it because I couldn't see data being escaped on the DB - perhaps there a config setting I have overlooked? I decided to test it further. Without calling sanitize from a beforeSave() function within app_model I entered a javascript string into an input field, just simple s

Re: datetime strings and using sanitize->cleanArray()

2006-07-31 Thread kitten
can't trigger this alternative behaviour. There are other cases where Sanitize::html() encoding can get in your way, i.e. when getting an email address from a form. [EMAIL PROTECTED] will become my-[EMAIL PROTECTED] and will consequently not be considered as a valid Email address when trying to va

Re: datetime strings and using sanitize->cleanArray()

2006-07-31 Thread AD7six
Hi ianh, Why use sanitize at all? Data sent to the DB gets escaped anyway, so it's not exactly necessary. I thought the intention of the sanitize class was for example, so you could still escape your custom sql queries easily. If you still want to use sanitize (that means your data is getting

datetime strings and using sanitize->cleanArray()

2006-07-31 Thread ianh
hat the full sanitize check looks like this: http://www.cakephp.org/pastes/show/eb23edaac3bd13381b467669d2bd291a I am specifically interested in the publishUp and publisDown fields, but an obvious 'to do' is to create an array of fieldnames to do this to. But - does anybody have any bet

Re: Point of Sanitize->sql?

2006-07-21 Thread John Zimmerman [gmail]
Only if magic quotes is enabled in php.ini On 7/20/06, yeastinflexion <[EMAIL PROTECTED]> wrote: i thought php automatically addslashes to posted data?

Re: Point of Sanitize->sql?

2006-07-20 Thread yeastinflexion
i thought php automatically addslashes to posted data?

Re: Point of Sanitize->sql?

2006-07-20 Thread kumas
if you use something like this which cake cannot automagically escape: $foo = $this->MyModel->findAll("id='{$id}'"); you should use Sanitize::sql() on $id to prevent sql injection attacks.
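An added example (not code from this thread or from CakePHP) showing what the interpolated condition string above lets a request value do, and what escaping or binding changes. It uses PDO with an in-memory SQLite database (assumed available) in place of Cake's model layer; the my_models table, its rows and the payload are constructed for the demo, and Sanitize::sql()/escape() themselves are not called.

```php
<?php
// Added example; not from the thread or the CakePHP code base.

function buildDb(): PDO {
    $db = new PDO('sqlite::memory:');                  // assumes pdo_sqlite is present
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Constructed sample table and rows.
    $db->exec('CREATE TABLE my_models (id INTEGER PRIMARY KEY, owner TEXT)');
    $db->exec("INSERT INTO my_models (id, owner) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");
    return $db;
}

// The pattern from the thread: the request value is pasted into the SQL text.
function unsafeLookup(PDO $db, string $id): array {
    $sql = "SELECT id FROM my_models WHERE id='{$id}'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// String escaping, the job Sanitize::sql()/escape() was being used for.
// Standard SQL quote doubling is used because SQLite has no backslash escapes;
// on MySQL use the driver's own escaper (or a bound parameter) rather than
// hand-rolling one, since the rules differ per database and connection charset.
function escapedLookup(PDO $db, string $id): array {
    $escaped = str_replace("'", "''", $id);
    $sql = "SELECT id FROM my_models WHERE id='{$escaped}'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Bound parameter: the value never becomes part of the SQL text at all.
function boundLookup(PDO $db, string $id): array {
    $stmt = $db->prepare('SELECT id FROM my_models WHERE id = :id');
    $stmt->execute(array(':id' => $id));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = buildDb();
$payload = "1' OR '1'='1";   // constructed attacker input for the id parameter

printf("interpolated: %s\n", implode(',', unsafeLookup($db, $payload)));
printf("escaped:      %s\n", implode(',', escapedLookup($db, $payload)));
printf("bound:        %s\n", implode(',', boundLookup($db, $payload)));
// For a numeric key, casting with (int) as another post on this list does is
// the simplest fix: the payload collapses to 1 before it reaches the query.
printf("int cast:     %s\n", implode(',', boundLookup($db, (string) (int) $payload)));
```

With the payload shown, the interpolated query returns every row because the condition becomes id='1' OR '1'='1'; the escaped and bound forms return no rows, and the integer cast returns only row 1. In Cake, passing conditions as an array (the array($model->escapeField() => $id) form mentioned elsewhere on this list) is what gets the value escaped at the DBO level; it is the string-fragment form that needs Sanitize::sql() or escape().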

Re: Point of Sanitize->sql?

2006-07-19 Thread gwoo
Cake escapes by default without the need for Sanitize. But if you want to be extra secure, using the cleanArray, cleanValue methods of Sanitize are important. I imagine Sanitize::sql() is there in case there are other places in your app that you might want to escape data in the same way

Point of Sanitize->sql?

2006-07-19 Thread [EMAIL PROTECTED]
Hey, I'm using Cake for the first time to develop an application, and I'm intent on making it secure as possible. One question that came up for me is the point of the Sanitize->sql function. The description of the function reads: " Makes a string SQL-safe by adding slashes

Re: Sanitize

2006-07-07 Thread nate
uses( ) is a Cake-specific wrapper for require_once, that loads a library in the core.
